Severe Risk
IP 176.117.107.74 is a high-risk Netherlands-based address with a threat level of 10/10 that has generated 5,739 total abuse reports from automated honeypot sensors, indicating sustained malicious activity dominated by SSH intrusion attempts and general hacking probes against exposed services.
The IP 176.117.107.74 sits within AS51396 operated by Pfcloud UG in the Netherlands and was first reported in November 2025 with continued detection through December 2025, accumulating reports from 20 separate honeypot sensors across that timeframe. The confidence score of 63% reflects substantial corroboration from multiple detection sources, while the activity frequency of 0/10 suggests the IP may cycle through targets rather than maintaining continuous connections to any single host. The 20 honeypot sources reporting this address represent a diverse detection network, making it unlikely these are false positives or narrowly targeted probes. The report breakdown shows 18 hacking-category incidents alongside 2 specific SSH-related detections, pointing to credential-guessing campaigns as the primary attack vector.
The dominant SSH threat category represents one of the most prevalent attack patterns observed across internet-facing infrastructure, where automated tooling attempts to guess weak or default credentials to gain shell access to servers. This IP has been flagged by multiple honeypots with evidence of fail2ban triggering on sshd, confirming that the address is generating enough suspicious connection attempts to trigger automated defensive responses in real deployments. General hacking activity compounds this risk by suggesting the operator may also be testing for vulnerable services, misconfigured daemons, or exploitable application-layer weaknesses beyond simple credential stuffing. An address with 5,739 cumulative reports from honeypot infrastructure indicates persistent, automated scanning behaviour that treats any exposed SSH service as a target regardless of apparent insignificance.
Operators with SSH services exposed to the internet should immediately verify that fail2ban or an equivalent tool is actively monitoring authentication logs and blocking repeat offenders like this address. Key-based authentication should replace password authentication entirely, the default port 22 should be changed to a non-standard value, and root login should be disabled to eliminate the most commonly exploited configuration weaknesses. It is also prudent to review authentication logs for any successful connections from 176.117.107.74, and to implement network-level blocking or geographic restrictions if Netherlands-based SSH access is unnecessary for your infrastructure.